We Simplify the Complex and Provide Businesses with Compliant Solutions.

Every business faces data protection, security, and artificial intelligence risks. Today, businesses operate in a patchwork of federal and state laws, regulations, litigation, and governmental guidance that requires sophisticated legal partners who understand the complexity of the landscape, legal issues, and risks posed to your business.

At Hinshaw, we create strategic and practical compliance solutions for data protection and security programs, cybersecurity incidents, and artificial intelligence systems. We also help businesses update their internal privacy policies and defend privacy claims asserted by private litigants, state attorneys general, and state and federal regulators.

Delivering Data Protection, Cybersecurity, and Artificial Intelligence Compliance Solutions to your Business

Data Protection and Governance

Whether you need to ensure that a new or existing product is designed with data protection and regulatory controls built-in; address how to legally collect personal information from consumers, employees, or your business-to-business clients; evaluate what data rights are required for an acquisition; or manage the numerous vendors handling your company’s data assets in your technology stack, our team offers creative legal solutions to business-orientated data protection.

We regularly help clients with:

Gramm-Leach-Bliley Act and the Privacy Rule and Safeguards Rule under Regulation P
Fair Credit Reporting Act and the Affiliate Marketing Rule under Regulation V
State privacy law compliance (including California Consumer Privacy Act and similar laws)
General Data Protection Regulation and ePrivacy compliance (including for cookies and similar technologies)
Cross-border data transfers, including in relation to standard contractual clauses, technical organizational measures, and the data privacy framework
Privacy notices and privacy policies
Internal privacy governance programs
Commercial transactions, including mergers and acquisitions, data licenses, data protection addenda, and vendor agreements
Product data protection, security, and artificial intelligence counseling
Employee privacy
Automobile and connected cars privacy
Comprehensive privacy and data protection assessments to evaluate existing controls, maturity levels, and process improvements
Data subjects’ rights and request management and response
Direct marketing and communications rules for emails, texts, phone calls, and other channels, including under the CAN-SPAM Act, Telephone Consumer Protection Act, Telemarketing Sales Rule, and Mortgage Acts and Practices Advertising Rule
State telemarketing, telephone solicitation, automatic dialing and announcing devices, and other consumer communications laws and regulations
Government or litigation-related demands for data
AdTech and MarTech privacy
HIPAA and health privacy
Financial privacy and fintech issues
EdTech, Family Educational Rights and Privacy Act (FERPA), and education privacy
Training and education
Data privacy and protection litigation, including Illinois Biometric Information Privacy Act (BIPA), Telephone Consumer Protection Act (TCPA), and data breach litigation

Proactive Cyber Counseling

Our proactive cyber legal defense team helps organizations of all sizes prepare for a cyber incident, assists after an incident, and puts the organization in the best possible position to respond to and mitigate the impact.

We take a business-oriented view of your cyber risks and implement practical, affordable strategies by:

Advising on security breach investigations, user requirements, insurance coverage issues, and defending any resulting regulatory inquiries and civil litigation
Conducting information security assessments
Developing and implementing policies and procedures to minimize vulnerabilities, including incident response plans, data breach notification procedures, record retention, and related policies
Advising on the security requirements of GLBA, FCRA, SEC, CFPB, federal and state banking regulators, state and local security breach notification laws, and other U.S. state, federal, and international security requirements
Performing information security (and data protection) due diligence for corporate acquisitions or equity investments
Demonstrating a cybersecurity posture and reviewing insurance coverages for these risks
Educating and training the C-Suite and other stakeholders about the potential threats, effective mitigation and prevention procedures, and how to respond to a cyber incident

Artificial Intelligence

Addressing artificial intelligence (AI) compliance is top of mind for many businesses today as regulators are increasingly focused on AI organizational compliance. Hinshaw provides clients with a multidisciplinary team of attorneys with legal experience in AI and machine learning counseling and guidance. We advise our clients on:

The use of AI in consumer credit products and services, including consideration of potential fair lending implications and risks of unfair, deceptive, and abusive acts and practices (UDAAPs)
The use of HR AI platforms and employment-related matters
AI third-party procurement and vendor contracts
Developing and implementing forward-looking and comprehensive AI compliance programs with a risk-based approach
Reviewing generative AI intellectual property and proprietary rights issues
Complex acquisitions and implementations of machine learning/AI systems, including navigating regulatory risks from numerous AI use cases
Negotiating complex transactions for AI third-party solutions
Regulatory compliance issues regarding the use of artificial intelligence in marketing and advertising programs
Advising AI and data companies on AI, data protection, intellectual property, cybersecurity, and other regulatory and best practice requirements for their AI product development, operations, and launch

Litigation Defense

Hinshaw is a leader in defending privacy claims. We have litigated thousands of privacy class actions in state and federal courts nationwide. Our team has defended privacy class actions including, but not limited to, claims for alleged violations of the Illinois Biometric Information Privacy Act (BIPA), Illinois Right of Publicity Act (IRPA), Telephone Consumer Protection Act (TCPA), Fair Debt Collection Practices Act (FDCPA), Fair Credit Reporting Act (FCRA), and the Video Privacy Protection Act (VPPA). Statutory damages under these acts can range from minor to catastrophic.

Our team draws on its vast experience and develops unique, fact-driven strategies and tactics for success. We employ strategies aimed at cutting off class actions as quickly and expeditiously as possible. If a case does move forward, we immediately engage in an active motion practice to thwart or halt the plaintiffs' momentum. At every step, we partner with you as we draw on our extensive courtroom and negotiating experience to provide unparalleled representation before regulators, attorneys general, judges, and juries.